While other MediaPost newsletters and articles remain free to all ... our new Research Intelligencer service is reserved for paid subscribers ...

Subscribe today to gain access to the every Research Intelligencer article we publish as well as the exclusive daily newsletter, full access to The MediaPost Cases, first-look research and daily insights from Joe Mandese, Editor in Chief.

Commentary

Fake clicks have a new look and new name — click injection — and they only occur on mobile devices running Google's Android operating system, according to findings released
Thursday.

Click-injection fraud — which can appear as "legitimate advertising interactions to marketing analytics systems" — is forecast to become one major form of mobile
marketing fraud in 2017, according to Andreas Naumann, fraud specialist at Adjust.

This type of fraud usually occurs when someone installs a free app on their phone, like a game of solitaire,
only on a device running Android because it occurs during the broadcasts — a feature of Android OS, which is presently not mirrored on iOS. It can affect any
advertising campaign targeted at driving mobile installs priced on a CPI basis.

Status broadcasts are sent when apps are downloaded, installed, or uninstalled. This creates a tight
connection between different apps by allowing apps to do things such as making it easier for users to log in with a deep link.

advertisement

advertisement

Naumann describes in a blog post how he first identified this
type of fraud. He explains that while patterns are visible in the average time it takes between the moment a user clicks on an ad and when a user installs the app, if marketers look at the length of
time between clicks and installs, they can identify affected campaigns.

"In mobile analytics, we usually say 'install' to refer to the first open," he wrote. "Measurement SDKs can’t
measure installs any sooner than this because the SDK code can’t run until the app is opened for the first time."

The person committing the fraud injects the click once the app has been
downloaded. The hijacked device will open the app normally, but the click will appear to have been made within a much shorter period of time between the click and the installation of the app.

He explains that the lag time differs for every user and for every app, and says regular click-to-install times are usually distributed, but there's an app average determined by the size and type
of the app.

"If you’re running a lot of CPI campaigns on multiple different ad networks, especially in higher-CPI markets like the U.S., you have a higher risk of exposure," Naumann
wrote.

This column was previously published in the Search Blog on January 19, 2017.